Vulnerabilities

CVE-2020-26834

by Fred · 09/12/2020

SAP HANA Database, version – 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.

Date published : 2020-12-09

https://launchpad.support.sap.com/#/notes/2978768

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079

Similar

Tags: Cybersecurity Alert